A security firm that had pointed the finger at a 17-year-old Russian last week updated its report Monday to identify a different Russian resident as being responsible for writing the malware used in an attack compromised the credit card numbers and other personal information of up to 110 million Target customers .

In a statement published Friday , security firm IntelCrawler said the breach was the result of malware that infected Target 's payment system and possibly compromised the systems of other retailers . Neiman Marcus reported a similar security breach this month .

The 17-year old does not appear to be solely responsible for the attack . Independent security researcher Brian Krebs earlier reported that other code in the Target hack pointed to a Ukraine resident .

Homeland security warns retailers

Experts say the author may have shared it with others .

`` Well , we should be worried . One of the things the hackers do is take the malware as it 's called . Once it 's identified , then the security community can rally around it and put controls in place . But the problem is , the hackers know that . And they manipulate or mutate this malware , and then reuse it , '' SecureState CEO Ken Stasiak said .

`` We believe that he originated the code , or the malware everybody 's calling it now . And was able to put it up on the Internet for download for other hackers to then take , and potentially use it for malicious harm . And that 's what we believe happened to Target and Neiman Marcus . ''

The first sample of the malware was created in March and since then , more than 40 versions have been sold around the world , IntelCrawler said . It first infected retailers ' systems in Australia , Canada and the United States .

Hack is a wake-up call on privacy

Andrew Komarov , IntelCrawler CEO , said most of the victims are department stores and said more BlackPOS infections as well as new breaches could appear soon . Retailers should be prepared .

`` The numbers could be staggering , really , because what the retailers are looking at are potential class action lawsuits , '' CNN legal analyst Paul Callan said .

`` Let 's say hypothetically , a retailer has 40 million transactions by 40 million different customers . All 40 million may have been damaged in some way , and under law they can all be joined together in a class action lawsuit . ''

Millions getting new cards after hack

@highlight

IntelCrawler updates report , says Russian teenager not solely responsible for attack

@highlight

Target breach imperiled credit card numbers , personal info of millions

@highlight

Teen reportedly shared malware with other hackers

@highlight

Experts warn other breaches could happen